GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → andry08 → ArubaOTP-seed-extractor

andry08 / ArubaOTP-seed-extractor

Licence: MIT license
Extract TOTP seed instead of using ArubaOTP app

Programming Languages

python
139335 projects - #7 most used programming language

Labels

otparubaeidasspidaruba-otp

Projects that are alternatives of or similar to ArubaOTP-seed-extractor

hotp-php
HMAC Based One Time Passwords in PHP. RFC4226 and RFC6238 compliant.
Stars: ✭ 51 (+121.74%)
Mutual labels:  otp
MinaOTP
TOTP authenticator implement as a wechat mini program
Stars: ✭ 30 (+30.43%)
Mutual labels:  otp
spid-aspnetcore
AspNetCore Remote Authenticator for SPID
Stars: ✭ 28 (+21.74%)
Mutual labels:  spid
AdES
An Implementation of CAdES, XAdES, PAdES and ASiC for Windows in C++
Stars: ✭ 29 (+26.09%)
Mutual labels:  eidas
otp-view
OTP View
Stars: ✭ 32 (+39.13%)
Mutual labels:  otp
e-voting-with-django
The Voting System web application using Django is a project that serves as the automated voting system of an organization or school. This system works like the common manual system of election voting system whereas this system must be populated by the list of the positions, candidates, and voters. This system can help a certain organization or s…
Stars: ✭ 54 (+134.78%)
Mutual labels:  otp
multiOTPCredentialProvider
multiOTP Credential Provider is a V2 Credential Provider for Windows 7/8/8.1/10/2012(R2)/2016 with options like RDP only and UPN name support
Stars: ✭ 121 (+426.09%)
Mutual labels:  otp
php-totp
HOTP and TOTP token generation
Stars: ✭ 33 (+43.48%)
Mutual labels:  otp
otp-authenticator-webapp
A 'Google Authenticator' like Single Page Application
Stars: ✭ 69 (+200%)
Mutual labels:  otp
elixir-fire-brigade-workshop
Workshop "Join the Elixir Fire Brigade - Level-up Your Elixir Debugging Skills" (ElixirConf US 2017)
Stars: ✭ 14 (-39.13%)
Mutual labels:  otp
cre
common runtime environment for distributed programming languages
Stars: ✭ 20 (-13.04%)
Mutual labels:  otp
laravel-otp
A laravel package to protect your routes with one time passwords (otp)
Stars: ✭ 147 (+539.13%)
Mutual labels:  otp
supervisorring
otp/supervisor-like interface to supervise distributed processes
Stars: ✭ 15 (-34.78%)
Mutual labels:  otp
abacus
Abacus is a tool to simplify the handling of units
Stars: ✭ 22 (-4.35%)
Mutual labels:  otp
yubico-rs
Yubikey client API library, Challenge-Response & Configuration
Stars: ✭ 39 (+69.57%)
Mutual labels:  otp
otp
📫 Fault tolerant multicore programs with actors
Stars: ✭ 169 (+634.78%)
Mutual labels:  otp
angular-code-input
Code (number/chars/otp/password) input component for angular 7, 8, 9, 10, 11, 12+ projects including Ionic 4, 5 +
Stars: ✭ 112 (+386.96%)
Mutual labels:  otp
spring-boot-otp
Spring Boot OTP technique.
Stars: ✭ 46 (+100%)
Mutual labels:  otp
nitrokey-storage-firmware
Firmware for the Nitrokey Storage device
Stars: ✭ 53 (+130.43%)
Mutual labels:  otp
rabbit
Build Elixir applications with RabbitMQ
Stars: ✭ 36 (+56.52%)
Mutual labels:  otp
View All Similar Projects ➔

This project is useful only to Italian people, but feel free to take a look if you want.
Why am I writing this in english? I don't know.

ArubaOTP seed extractor

Aruba is an Italian service provider (not to be confused with Aruba Networks) which provides numerous services. One of these services is SPID, the Italian version of eIDAS, and its level 2 requires 2FA to be enabled.
Aruba implements this with it's own app, called ArubaOTP which under the hood is just an implementation of TOTP, but the secret key never gets exposed to the user (the app pairs with an unique identifier, which is just a long number).

So, why this?

This little script allows for the extraction of this TOTP key, so it can be used in another authenticator app.

NOTE however that some apps don't support the HMAC-SHA256 algorithm for TOTP generation, take a look at this article for example (it's a bit old, however).

  • Google Authenticator sadly doesn't even implement support for a custom number of digits (8 are needed for this purpose)
  • Authy doesn't support the sha256 algorithm, but it doesn't explicitly mention it. Reading the qr code with this will lead to a successful import, but a wrong code to be generated.

There is a script in this repo, in which you can paste the seed, to check the validity of the otp code from your app, or simply to validate the code the first time. If you need an hint, I found and use Aegis Authenticator, pretty cool and open source too.

Usage

  1. After cloning the repo run the command pip install -r requirements.txt
  2. Open the Aruba website and start the pairing, ignoring the ArubaOTP step
  3. When the QR code appears copy the code on the right (without spaces)
  4. Run the command python ./scripts/main.py extract <validation_code>, add -q flag if you need the QR representation
  5. Run the command python ./scripts/main.py generate to get the current OTP code

WARNING

Always make a backup of your seed, without it you could lose access to your aruba account!
I don't take responsibility from any damage caused by this script.
This project was made only for educational purposes

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].